SiFive Becomes First IP Supplier to Achieve Automotive ISO/SAE 21434:2021 Product Certification

July 12, 2024 -- In the era of software-defined vehicles (SDVs), cybersecurity isn't just a buzzword; it's a critical necessity. SDVs are increasingly vulnerable to cyberattacks thanks to their interconnected systems, huge size of software and vast amounts of data being generated and processed. These attacks could compromise safety, privacy, and even a vehicle's functionality and have huge implications to brand reputation. To help mitigate these risks, SiFive is laser focused on cybersecurity and recently achieved ISO/SAE 21434:2021 product certification.

For more information on this milestone and SiFive’s deep commitment to automotive security, check out our Q&A below with SiFive’s Priyanka Viswanathan, director of quality, functional safety and cybersecurity, and Yann Loisel, Principal Security Architect.

What is ISO/SAE 21434:2021 and why is it a big deal that SiFive received ISO/SAE 21434:2021 certification?

ISO/SAE 21434:2021, the premier international standard for automotive cybersecurity engineering, provides a comprehensive framework to identify, assess, and mitigate cybersecurity risks across the supply chain. The standard covers the entire lifecycle of a vehicle, from concept to decommissioning. Additionally, ISO/SAE 21434:2021 satisfies the UNECE WP.29 R155 regulation, which ensures that cybersecurity management systems (CSMS) take a systematic approach to risk management. Although UNECE WP.29 R155 compliance is mandated only in the European Union, Japan, and Korea, the requirements of the standard are used by most car manufacturers (OEMs) across the globe as a best practice so they can design vehicles to meet the requirements of markets across the globe.

SiFive is the first IP provider to achieve ISO/SAE 21434:2021 product certification, validating that our automotive solutions are developed to the requirements of CSMS (audited and certified by a third party to make sure that the CSMS meets the requirements of ISO/SAE 21434:2021) and are equipped to resist the evolving threat landscape. Our automotive customers can design with confidence knowing that we have implemented the highest industry standards throughout the design, development, and deployment of our products.

Which of SiFive’s products have ISO/SAE 21434:2021 certification?

SiFive not only received ISO/SAE 21434:2021 certification for our CSMS, SiFive also completed ISO/SAE 21434:2021 assessments on our RISC-V based SiFive Automotive products:

• E6-AB: A 32-bit embedded processor ideal for real-time applications requiring ASIL B hardware safety integrity.
• E6-AD: A 32-bit processor designed for advanced driver-assistance systems (ADAS) and other demanding safety-critical applications.
• E6-AS: A 32-bit processor supporting split-lock functionality and targeting ASIL D integrity level in lock-mode.
• S7-AD: A 64-bit processor optimized for safety-critical functions that delivers exceptional performance for zonal controllers and other complex automotive systems.

What are the benefits for SiFive’s customers?

By meeting strict cybersecurity requirements, our solutions help to reduce the risk of cyber threats, vulnerabilities and recalls, liabilities, and safety hazards. SiFive’s pre-certified IP allows our customers and their customers to achieve compliance with stringent automotive cybersecurity standards and which in turn will help OEMs to meet regulations across the globe, including the UNECE WP.29 R155. This certification helps to accelerate the development cycle and get products to market faster. To further streamline the design process, SiFive provides our customers with a security package, which includes a comprehensive security manual and a detailed cybersecurity capability and interface report.

How does industry collaboration play a role in automotive security?

Tackling cybersecurity threats is extremely complex, so collaboration across the supply chain is critical. SiFive collaborates with the automotive industry through various forums e.g. Auto-ISAC, which brings together OEMs, Tier-1, Tier-2 suppliers, and other providers to align on automotive cybersecurity threats, attacks, and protective measures. By working together, we can all work to better understand the current threat landscape, anticipate future issues, and mitigate potential threats. SiFive is also actively involved in RISC-V International’s Automotive special interest group (SIG) to accelerate the adoption of RISC-V for the automotive industry.

Why is automotive cybersecurity especially challenging today?

As vehicles become more connected and reliant on software, the attack surface expands. There are many real-world examples of vulnerabilities that have been exploited to remotely control vehicles, steal data, and disrupt critical systems. The consequences of these exploits could seriously jeopardize the safety of passengers, not to mention the privacy and financial risks of having users’ data compromised.

It’s also important to remember that SDVs often reuse the same software and hardware already developed for other applications beyond automotive, which helps to minimize the costs of developing automotive-specific solutions. The downside is the same exploitation techniques that exist for other applications can be reused for vehicles. Additionally, there are many different ways that cyberattacks on vehicles can be executed, including through memory safety systems, a lack of isolation, code injection, or through specific vulnerabilities (e.g. a lack of security on a CAN bus). Tier-1 and Tier-2 suppliers, along with the rest of the supply chain, need to ensure that there are not any security holes in any component used in a vehicle—a vulnerability anywhere in the system comprises the entire vehicle.

What’s next for SiFive?

SiFive is deeply committed to cybersecurity, so we are working to implement the security practices and guidelines outlined by ISO/SAE 21434:2021 across the other products in our portfolio, as appropriate.

Our customers know that they can rely on us as their trusted partner to navigate the complex landscape of cybersecurity and offer a head start in building secure and reliable automotive systems. Together, we can create a future where vehicles are not only intelligent and connected, but are also safe and secure from cyber threats.